krasnika^

SOLVED
Suspected infected system

    18 posts in this topic


    Hello, could you tell me whether I have reason to worry? My keyboard and mouse stop responding at times, which makes me think the machine is infected. It runs slowly and occasionally gives me a blue screen. I am attaching the logs:

    DDS:

     

    DDS (Ver_2011-09-30.01) - NTFS_x86 
    Internet Explorer: 8.0.6001.18702
    Run by MONI at 14:35:59 on 2013-05-11
    Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.894.97 [GMT 3:00]
    .
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ================
    .
    C:WINDOWSExplorer.EXE
    C:WINDOWSsystem32spoolsv.exe
    C:Program FilesAviraAntiVir Desktopsched.exe
    C:Program FilesAviraAntiVir Desktopavguard.exe
    C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
    C:WINDOWSSystem32PAStiSvc.exe
    C:Program FilesTeamViewerVersion8TeamViewer_Service.exe
    C:Program FilesVIAVIAudioiHDADeckHDeck.exe
    C:Program FilesAviraAntiVir Desktopavgnt.exe
    C:Program FilesSkypePhoneSkype.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesTeamViewerVersion8TeamViewer.exe
    C:Program FilesAviraAntiVir Desktopavshadow.exe
    C:Program FilesTeamViewerVersion8tv_w32.exe
    C:WINDOWSSystem32alg.exe
    C:Program FilesGoogleChromeApplicationchrome.exe
    C:Program FilesGoogleChromeApplicationchrome.exe
    C:Program FilesGoogleChromeApplicationchrome.exe
    C:Program FilesMozilla Firefoxfirefox.exe
    c:program filesteamviewerversion8TeamViewer_Desktop.exe
    C:Program FilesGoogleChromeApplicationchrome.exe
    C:WINDOWSsystem32wbemwmiprvse.exe
    C:WINDOWSsystem32svchost.exe -k DcomLaunch
    C:WINDOWSsystem32svchost.exe -k rpcss
    C:WINDOWSSystem32svchost.exe -k netsvcs
    C:WINDOWSsystem32svchost.exe -k NetworkService
    C:WINDOWSsystem32svchost.exe -k LocalService
    C:WINDOWSsystem32svchost.exe -k LocalService
    C:WINDOWSsystem32svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www1.delta-search.com/?affID=119529&babsrc=HP_ss&mntrId=5C83002268826863
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
    uRun: [skype] "c:program filesskypephoneSkype.exe" /minimized /regrun
    uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
    mRun: [HDAudDeck] c:program filesviaviaudioihdadeckHDeck.exe 1
    mRun: [avgnt] "c:program filesaviraantivir desktopavgnt.exe" /min
    dRun: [CTFMON.EXE] c:windowssystem32CTFMON.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: E&xport to Microsoft Excel - c:progra~1micros~2office11EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
    TCP: NameServer = 89.215.233.2 89.215.246.40
    TCP: Interfaces{A48477B5-DFB6-4E66-93CA-3491DD09FD48} : DHCPNameServer = 89.215.233.2 89.215.246.40
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:program filescommon filesskypeSkype4COM.dll
    SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
    LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:program filesgooglechromeapplication26.0.1410.64installerchrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:documents and settingsmoniapplication datamozillafirefoxprofiles5w3wuf8l.default
    FF - plugin: c:documents and settingsall usersapplication datanexoneungmnpNxGameeu.dll
    FF - plugin: c:program filesadobereader 9.0readerairnppdf32.dll
    FF - plugin: c:program filesgoogleupdate1.3.21.145npGoogleUpdate3.dll
    FF - plugin: c:windowssystem32macromedflashNPSWF32_11_5_502_135.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.tuvaro.hpOld0 - 
    FF - user.js: extensions.tuvaro.tlbrSrchUrl - hxxp://tuvaro.com/ws/?source=9e9471a2&tbp=main&toolbarid=base&u=5c8395d3000000000000002268826863&q=
    FF - user.js: extensions.tuvaro.id - 5c8395d3000000000000002268826863
    FF - user.js: extensions.tuvaro.appId - {2768469C-717B-401F-8532-C6D88BAE0339}
    FF - user.js: extensions.tuvaro.instlDay - 15812
    FF - user.js: extensions.tuvaro.vrsn - 1.8.17.1
    FF - user.js: extensions.tuvaro.vrsni - 1.8.17.1
    FF - user.js: extensions.tuvaro.vrsnTs - 1.8.17.114:03:46
    FF - user.js: extensions.tuvaro.prtnrId - tuvaro
    FF - user.js: extensions.tuvaro.prdct - tuvaro
    FF - user.js: extensions.tuvaro.aflt - orgnl
    FF - user.js: extensions.tuvaro.smplGrp - none
    FF - user.js: extensions.tuvaro.tlbrId - base
    FF - user.js: extensions.tuvaro.instlRef - 9e9471a2
    FF - user.js: extensions.tuvaro.dfltLng - 
    FF - user.js: extensions.tuvaro.excTlbr - false
    FF - user.js: extensions.tuvaro.ffxUnstlRst - false
    FF - user.js: extensions.tuvaro.admin - false
    FF - user.js: extensions.tuvaro.cam - 
    FF - user.js: extensions.tuvaro.autoRvrt - false
    FF - user.js: extensions.tuvaro.rvrt - false
    FF - user.js: extensions.tuvaro.hmpg - true
    FF - user.js: extensions.tuvaro.hmpgUrl - hxxp://tuvaro.com/ws/?source=9e9471a2&tbp=homepage&toolbarid=base&u=5c8395d3000000000000002268826863
    FF - user.js: extensions.tuvaro.dfltSrch - true
    FF - user.js: extensions.tuvaro.srchPrvdr - Tuvaro
    FF - user.js: extensions.tuvaro.kw_url - hxxp://tuvaro.com/ws/?source=9e9471a2&tbp=url&toolbarid=base&u=5c8395d3000000000000002268826863&q=
    FF - user.js: extensions.tuvaro.dnsErr - true
    FF - user.js: extensions.tuvaro.newTab - true
    FF - user.js: extensions.tuvaro.newTabUrl - chrome://tuvaro/content/new browser tab.html?source=9e9471a2&tbp=tab&u=5c8395d3000000000000002268826863
    FF - user.js: extensions.delta.tlbrSrchUrl - 
    FF - user.js: extensions.delta.id - 5c8395d3000000000000002268826863
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15812
    FF - user.js: extensions.delta.vrsn - 1.8.16.16
    FF - user.js: extensions.delta.vrsni - 1.8.16.16
    FF - user.js: extensions.delta.vrsnTs - 1.8.16.1614:06:01
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv61xxmm;mv61xxmm;c:windowssystem32driversmv61xxmm.sys [2012-7-12 13616]
    R0 mv64xxmm;mv64xxmm;c:windowssystem32driversmv64xxmm.sys [2012-7-12 5632]
    R0 mvxxmm;mvxxmm;c:windowssystem32driversmvxxmm.sys [2012-7-12 13616]
    R0 nvlegacy;nvlegacy;c:windowssystem32driversnvlegacy.sys [2012-7-12 100736]
    R1 avkmgr;avkmgr;c:windowssystem32driversavkmgr.sys [2013-1-6 37352]
    R2 AntiVirSchedulerService;Avira Scheduler;c:program filesaviraantivir desktopsched.exe [2013-1-6 86752]
    R2 AntiVirService;Avira Real-Time Protection;c:program filesaviraantivir desktopavguard.exe [2013-1-6 110816]
    R2 avgntflt;avgntflt;c:windowssystem32driversavgntflt.sys [2013-1-6 84744]
    R2 TeamViewer8;TeamViewer 8;c:program filesteamviewerversion8TeamViewer_Service.exe [2013-3-5 3574624]
    R3 MonitorFunction;Driver for Monitor;c:windowssystem32driversTVMonitor.sys [2013-2-3 13304]
    R3 PAC207;SoC PC-Camer@;c:windowssystem32driverspfc027.sys [2005-2-24 162176]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:windowssystem32driversviahduaa.sys [2012-12-8 279680]
    S2 gupdate;Услуга на Google Актуализация (gupdate);c:program filesgoogleupdateGoogleUpdate.exe [2013-1-12 116648]
    S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:program filesgoogleupdateGoogleUpdate.exe [2013-1-12 116648]
    S3 vtany;vtany;??c:windowsvtany.sys --> c:windowsvtany.sys [?]
    S3 xhunter1;xhunter1;??c:windowsxhunter1.sys --> c:windowsxhunter1.sys [?]
    S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32macromedflashFlashPlayerUpdateService.exe [2012-7-12 250808]
    S4 SkypeUpdate;Skype Updater;c:program filesskypeupdaterUpdater.exe [2013-2-28 161384]
    .
    =============== Created Last 30 ================
    .
    2013-04-18 13:37:10 -------- d-----w- c:documents and settingsall usersapplication dataInterAction studios
    2013-04-17 15:58:18 -------- d-----w- c:windowssystem32appmgmt
    2013-04-17 11:05:32 -------- d-----w- c:documents and settingsmoniapplication dataBabylon
    2013-04-17 11:05:32 -------- d-----w- c:documents and settingsall usersapplication dataBabylon
    2013-04-17 11:03:19 -------- d--h--w- c:windowssystem32GroupPolicy
    2013-04-14 00:02:47 1072544 ----a-w- c:windowssystem32nvdrsdb1.bin
    2013-04-14 00:02:47 1072544 ----a-w- c:windowssystem32nvdrsdb0.bin
    2013-04-14 00:02:47 1 ----a-w- c:windowssystem32nvdrssel.bin
    2013-04-14 00:02:08 -------- d-----w- c:program filesNVIDIA Corporation
    2013-04-11 19:20:18 26520 ----a-w- c:program filesmozilla firefoxplugin-hang-ui.exe
    2013-04-11 19:20:01 96664 ----a-w- c:program filesmozilla firefoxwebapprt-stub.exe
    2013-04-11 19:20:01 19352 ----a-w- c:program filesmozilla firefoxxpcom.dll
    2013-04-11 19:20:01 18581400 ----a-w- c:program filesmozilla firefoxxul.dll
    2013-04-11 19:20:00 92056 ----a-w- c:program filesmozilla firefoxsmime3.dll
    2013-04-11 19:20:00 867000 ----a-w- c:program filesmozilla firefoxuninstallhelper.exe
    2013-04-11 19:20:00 272280 ----a-w- c:program filesmozilla firefoxupdater.exe
    2013-04-11 19:20:00 170232 ----a-w- c:program filesmozilla firefoxwebapp-uninstaller.exe
    2013-04-11 19:20:00 157080 ----a-w- c:program filesmozilla firefoxssl3.dll
    2013-04-11 19:20:00 152472 ----a-w- c:program filesmozilla firefoxsoftokn3.dll
    .
    ==================== Find3M  ====================
    .
    2013-03-27 15:22:35 84744 ----a-w- c:windowssystem32driversavgntflt.sys
    2013-03-27 15:22:35 37352 ----a-w- c:windowssystem32driversavkmgr.sys
    2013-03-08 08:35:47 293376 ----a-w- c:windowssystem32winsrv.dll
    2013-03-07 03:23:36 2070016 ----a-w- c:windowssystem32ntkrnlpa.exe
    2013-03-07 01:31:48 2193536 ----a-w- c:windowssystem32ntoskrnl.exe
    2013-03-02 02:05:19 920064 ----a-w- c:windowssystem32wininet.dll
    2013-03-02 02:05:18 43520 ----a-w- c:windowssystem32licmgr10.dll
    2013-03-02 02:05:18 1469440 ----a-w- c:windowssystem32inetcpl.cpl
    2013-03-02 01:31:30 1876224 ----a-w- c:windowssystem32win32k.sys
    2013-03-02 01:08:57 385024 ----a-w- c:windowssystem32html.iec
    2013-02-12 00:32:23 12928 ----a-w- c:windowssystem32driversusb8023.sys
    .
    ============= FINISH: 14:37:09,76 ===============
     
    Attach:
     
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-09-30.01)
    .
    Microsoft Windows XP Professional
    Boot Device: DeviceHarddiskVolume1
    Install Date: 07.5.2005 г. 18:24:05
    System Uptime: 11.5.2013 г. 12:55:05 (2 hours ago)
    .
    Motherboard: FOXCONN |  | M61PMV
    Processor: AMD Sempron Processor LE-1200 | AMD Sempron Processor LE-1200 | 2109/201mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 68 GiB total, 59,224 GiB free.
    D: is FIXED (NTFS) - 165 GiB total, 146,672 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Пакет за езиков интерфейс на Windows
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0 - Bulgarian
    Avira Free Antivirus
    CCleaner
    Chicken Invaders 3 Free Trial
    Compatibility Pack for the 2007 Office system
    Dekaron
    Diner Dash - Hometown Hero
    Google Chrome
    Google Update Helper
    K-Lite Codec Pack 8.4.0 (Standard)
    Microsoft Office 2003 Bulgarian User Interface Pack
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Mozilla Firefox 20.0.1 (x86 bg)
    MSXML 4.0 SP3 Parser (KB2758694)
    Nero 7 Micro
    NVIDIA Drivers
    OnScreenKeys 5.0.48
    PC Camer@
    Platform
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2820917)
    Skype™ 6.3
    TeamViewer 8
    The KMPlayer (remove only)
    VIA
    WebFldrs XP
    Winamp
    WinRAR 4.01 (32-битова версия)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    07.5.2013 г. 13:16:53, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
    07.5.2013 г. 13:16:53, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
    07.5.2013 г. 13:16:53, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
    .
    ==== End Of File ===========================
     

    Thank you :)

    1 person likes this


    Hello,

    Sorry for the delay.

    Could you archive the files from the folder C:\Windows\minidump and upload them to a host of your choice?

    Post the download link in your next post.

    Regards!

    Hi, here is a link to the archive: http://dox.bg/files/dw?a=7813a0da6a

    1 person likes this


    Hello,

    I looked through the dump files and all of them are caused by the VIA audio driver:

    Probably caused by : viahduaa.sys ( viahduaa+19e60 )

    Let's see what your hardware configuration is so that we can update the driver to its latest version.

    Download the program HWiNFO32

    After successful installation and launch, the following window will appear:
    [Posted image]

    Click Run.

    Wait patiently. Then choose Save Report and the HTML format, and click Browse.

    Point it to your desktop and click Next.

    The Report Filter will appear; choose Finish.

    An HTML file named "User Name" will appear on the desktop, where "User Name" is the name of your computer (for example, the file in the screenshot is called HOLLER-PC.HTM). Upload the file here and post the download link in your next post.


    And one of the dumps is caused by the following:

    Probably caused by : memory_corruption

    To test the RAM you can try Memtest86+ 4.20.
    Extract the archive and burn the ISO file, for example with Burnaware using the Burn Image option, to get a bootable disc.

    Then, in the BIOS, set the CD/DVD drive as the first boot device and run the RAM check.
    If the test is successful there should be no errors:

    [Posted image]

    To be completely sure the RAM is OK, it is a good idea to leave the test running overnight for at least 8-10 hours, and better still, take out all the modules, leave only one in, and test them one at a time.
    If errors are found, you will see them on a red background, similar to these:
    [Posted image]

    3 people like this


    Here is the link from step 1: http://file.bg/c233164FmVLa

    1 person likes this


    Hello,

    I wonder whether you couldn't simply run on just the Realtek audio driver, because you have two drivers:

    Realtek HDA Audio Drive
    VIA HDA Audio Drive

    The drivers on Foxconn's site are quite old - from 2009.

    On VIA's site I found two for your codec: VIA VT1708B CE

    An older but certified version - 10.005D Dated: 25-Jul-2012

    and a newer version (not certified, but that is unlikely to be a problem) - 10.1200A Dated: 7-Nov-2012

    Try both and see whether the blue screens go away. If possible, update the other drivers as well (but preferably without using additional software, because such tools often download the wrong drivers for a given configuration).

    Still, test the RAM as well and then write back with how things stand.

    Let's also clean up a bit of adware and check for active nasties:

    STEP 1

    Download and run the program AdwCleaner (by Xplode).

    • Close all running programs and browsers.
    • Double-click adwcleaner.exe to start the tool.
    • This time select Delete.
    • Your computer will restart automatically. The text file will open after the restart.
    • Please post the contents of this log in your reply.
    • You can find the log, which is saved automatically, here: C:\AdwCleaner[s1].txt.

    STEP 2

    Please download Junkware Removal Tool to your desktop.

    • Temporarily disable your security programs.
    • Run the tool JRT.exe.
    • A DOS window will open. Press any key on the keyboard.
    • Close unnecessary applications and all browsers and wait for the scan to finish.
    • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
    • Please copy the contents of the log file into your next post.

    STEP 3

    Download Malwarebytes' Anti-Malware

    • Double-click mbam-setup.exe to install the program.
    • Make sure Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.
    • If updates are found, it will download and install them.
    • Start the program and select "Perform Quick Scan", then click Scan.
    • The scan will take some time, so please be patient.
    • When the scan finishes, click OK, then Show Results to see the result.
    • Make sure every row is checked, and click Remove Selected.
    • When everything has been removed, a log will open in Notepad.
    • Attach that log to your next comment in the topic.

    Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.

    STEP 4

    1) Download: ESET Online Scanner
    2) Run esetsmartinstaller_enu.exe
    3) Check YES, I accept the Terms of Use and choose Start
    4) The scanner will start downloading the components it needs.
    5) Make sure the following items are checked, including those in the Advanced Settings menu:

    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

    Make sure Remove found threats is not checked!

    Finally, choose Start

    6) The scanner will start downloading the latest definitions.
    7) When the scan finishes, choose Finish.
    8) Go to: C:\Program Files\ESET\ESET Online Scanner.

    9) Attach the log file named log.txt to your next post.

    STEP 5

    Download Security Check by screen317 from this link and save it to your desktop.

    • Double-click SecurityCheck.exe and follow the instructions.
    • At the end, a text document named checkup.txt will open automatically; please attach it to your next comment in this topic.

    2 people like this


    Posted (edited)

    Hello, here are the results:

    P.S. The screenshot is too large to upload here, so I am giving you a link:

    http://dox.bg/files/dw?a=a70a18da55

    AdwCleanerS2.txt

    checkup.txt

    JRT.txt

    log.txt

    Edited by krasnika^
    1 person likes this


    The MBAM log is missing, and unfortunately the screenshot from ESET is of no use because the files have encrypted names, but since you did not keep the log (as you wrote to me by PM) there is nothing we can do to see what the program deleted after the first run. The second ESET log is clean.

    How are things now - did you update the audio drivers, and do the problems you opened the topic for still persist?


    Posted (edited)

    I am attaching the missing log. A new problem has appeared with the audio drivers - after installing the new driver (the one without the certificate) it does not let me plug the microphone into the front panel. The machine is behaving better. Just one question: should I remove the tools we used? And what should I do with the quarantined files? Thank you.

    mbam-log-2013-04-06 (11-36-38).txt

    Edited by krasnika^
    1 person likes this


    Hello, the files of ESET Online Scanner and the folder they were installed in remained after the uninstall you instructed, as did the program's quarantine. The computer is much "snappier", if I may put it that way. We dealt with the drivers successfully, and everything is fine now. So far there are no blue screens, and there will hardly be any more problems after your intervention, for which I thank you :wors: . The problems are solved. Just tell me how to remove the ESET Online Scanner program safely. Regards, and have an easy day at work :)

    1 person likes this


    Posted (edited)

    Evidently I jumped to conclusions about the blue screens. It appeared again today; here is the error code: 0x000000D1(0xEB0F6E60,0x00000002,0x00000008,0xEB0F6E60). Could you tell me what might be causing it? On restarting the system and trying to close the Microsoft error report, it gives a blue screen again with this code: 0x000000d1(0xEB161E60,0x00000002,0x00000000,0xEB161E60).

    Edited by krasnika^
    1 person likes this


    Most likely the cause is a driver - and perhaps once again the VIA one.

    DRIVER_IRQL_NOT_LESS_OR_EQUAL

    Check whether there is a new dmp file in the folder C:\Windows\minidump, and if there is, archive it.

    If it again turns out to be because of the VIA driver, install the latest version without the certificate and try working without the microphone, or try running entirely on the Realtek drivers alone. Since you are helping over TeamViewer, there is no way for you to test the RAM remotely - but when you have physical access to the computer, test the RAM modules one at a time with Memtest, as I wrote above.

    Also:

    Download Autoruns and:

    • Start the program;
    • Select Options => Filter Options => check Verify Code Signature and Hide Microsoft Entries;
    • From the menu, File -> Refresh;
    • From the menu, File -> Save...;
    • Save the file somewhere under a name of your choice (in arn format), archive it with a program of your choice, and attach it to the topic.

    P.S. You can also delete the ESET leftovers manually.

    1 person likes this

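The two stop lines quoted above can be read before the new dumps are opened. The following is an added example, not part of the original posts: it splits a 0xD1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL) stop line into its four documented parameters and checks whether the faulting address fits the `viahduaa+19e60` offset reported for the first dumps. Reusing that offset for the later crashes is an assumption, and all function names are illustrative; a fit is only a consistency check, the dump analysis remains the authority.

```python
"""Decode the 0xD1 stop lines quoted in this thread (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

PAGE_SIZE = 0x1000  # x86 page size; kernel images are mapped on page boundaries

# Parameter 3 of bug check 0xD1, per the Microsoft bug check reference:
# both 2 and 8 mean "execute".
ACCESS_TYPES = {0: "read", 1: "write", 2: "execute", 8: "execute"}

_HEX = r"(0x[0-9a-f]{1,8})"
STOP_RE = re.compile(
    rf"^\s*{_HEX}\s*\(\s*{_HEX}\s*,\s*{_HEX}\s*,\s*{_HEX}\s*,\s*{_HEX}\s*\)\s*$",
    re.IGNORECASE,
)

# Copied from the posts above.
THREAD_STOP_LINES = [
    "0x000000D1(0xEB0F6E60,0x00000002,0x00000008,0xEB0F6E60)",
    "0x000000d1(0xEB161E60,0x00000002,0x00000000,0xEB161E60)",
]
# Offset from "Probably caused by : viahduaa.sys ( viahduaa+19e60 )".
# Assumption: the later crashes hit the same offset in the same driver build.
VIA_MODULE = "viahduaa"
VIA_OFFSET = 0x19E60


@dataclass(frozen=True)
class StopD1:
    referenced: int   # parameter 1: memory address referenced
    irql: int         # parameter 2: IRQL at the time (2 is DISPATCH_LEVEL on x86)
    access: str       # parameter 3, decoded via ACCESS_TYPES
    instruction: int  # parameter 4: address of the code that made the reference

    @property
    def faulted_on_own_code(self) -> bool:
        """True when the address referenced is the instruction address itself,
        i.e. the fault came from touching the driver's own code location."""
        return self.referenced == self.instruction


def parse_stop_d1(text: str) -> StopD1:
    """Parse 'code(p1,p2,p3,p4)' and reject anything that is not bug check 0xD1."""
    m = STOP_RE.match(text)
    if not m:
        raise ValueError(f"not a stop line: {text!r}")
    code, p1, p2, p3, p4 = (int(g, 16) for g in m.groups())
    if code != 0xD1:
        raise ValueError(f"bug check {code:#x} is not 0xD1")
    if p3 not in ACCESS_TYPES:
        raise ValueError(f"unknown access type {p3:#x}")
    return StopD1(p1, p2, ACCESS_TYPES[p3], p4)


def candidate_image_base(instruction: int, offset: int) -> Optional[int]:
    """Return instruction - offset if that is a page-aligned address, else None.
    A non-aligned result means the address cannot be module+offset."""
    base = instruction - offset
    if base < 0 or base % PAGE_SIZE:
        return None
    return base


def triage(stop_lines: List[str], module: str, offset: int) -> List[str]:
    """Return one human-readable summary per stop line."""
    out = []
    for line in stop_lines:
        stop = parse_stop_d1(line)
        base = candidate_image_base(stop.instruction, offset)
        if base is None:
            fit = f"does not fit {module}+{offset:#x}"
        else:
            fit = f"fits {module}+{offset:#x} with image base {base:#010x}"
        own = "own code" if stop.faulted_on_own_code else "other memory"
        out.append(
            f"{stop.access} of {stop.referenced:#010x} ({own}) at IRQL "
            f"{stop.irql} by instruction {stop.instruction:#010x}; {fit}"
        )
    return out


if __name__ == "__main__":
    for summary in triage(THREAD_STOP_LINES, VIA_MODULE, VIA_OFFSET):
        print(summary)
```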

    We installed the manufacturer's driver (the one the motherboard was bought with) and for now there is sound. There are new dump files, which I am attaching to the topic, along with the output of the program you asked for. Regards :) http://dox.bg/files/dw?a=b5f4cf62a5 - Minidump

    http://dox.bg/files/dw?a=46a1d5d226 Autoruns - result

     

     


    The bad news is that the driver from the manufacturer's site that I linked is quite old, and you may even have been on that same version already, the one that was causing the problem.

    According to the dump files, the culprit is once again the VIA driver - viahduaa.sys.

    There are 2 options.

    1. Uninstall it and use only the Realtek one.

    2. Install the certified version, which is newer than the one on Foxconn's site but older than the uncertified version from VIA's site.

    At least you know where the problem is! :)

    As for Autoruns, you can clear the following checkboxes (do not delete the entries, just untick them):

    Adobe ARM

    HDAudDeck

    And then close the program.

    Delete the tools we used. I am marking the case as solved... as for the VIA driver, if this does not help I simply cannot think of another adequate solution...

    Regards!

    1 person likes this

    With a huge delay, for which I apologize very much, I would like to let you know that the system is in very good condition. We had to reinstall the whole computer with a full format and repartitioning of the hard disk, after which I ran the RAM test (as you advised - all night). The result is that there are no memory errors, and for now it works well, with no blue screens :) Once again, thank you for the help and the effort you put in :)


    Still, the cause was and remains the Realtek drivers... so keep that in mind! :)


    :) that is exactly why this time I installed all of them except those :)

    1 person likes this

        HKU\S-1-5-21-298830404-823310887-2522145648-1000\...\MountPoints2: {8d6dc70b-2205-11e7-b8da-002170dc3007} - F:\AutoRun.exe
        HKU\S-1-5-21-298830404-823310887-2522145648-1000\...\MountPoints2: {8d6dc718-2205-11e7-b8da-002170dc3007} - F:\AutoRun.exe
        HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2017-03-24] (Microsoft Corporation)
        HKLM\...\Providers\f0qglkhl: C:\Program Files\Sadentphafeing Collector\local32spl.dll
        IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
        IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
        ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-03-20] (AVAST Software)
        BootExecute: autocheck autochk * sh4native Sh4Removal
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 95.111.2.193 89.190.192.248
        Tcpip\..\Interfaces\{C1E71F1A-CC71-4047-BAA5-D356E0DD5B86}: [DhcpNameServer] 95.111.2.193 89.190.192.248
        Tcpip\..\Interfaces\{FC614CA5-469D-4181-A6B6-CBF98322B034}: [NameServer] 212.39.90.42 212.39.90.43
        Internet Explorer:
        ==================
        HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493312620&z=4427c6d29864b1e2377e727g0z9t6c4ccgao9qfo8g&from=che0812&uid=HitachiXHTS543216L9A300_081201FB2200LCJ8WWPAX
        HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493312620&z=4427c6d29864b1e2377e727g0z9t6c4ccgao9qfo8g&from=che0812&uid=HitachiXHTS543216L9A300_081201FB2200LCJ8WWPAX&q={searchTerms}
        HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493312620&z=4427c6d29864b1e2377e727g0z9t6c4ccgao9qfo8g&from=che0812&uid=HitachiXHTS543216L9A300_081201FB2200LCJ8WWPAX
        HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493312620&z=4427c6d29864b1e2377e727g0z9t6c4ccgao9qfo8g&from=che0812&uid=HitachiXHTS543216L9A300_081201FB2200LCJ8WWPAX&q={searchTerms}
        HKU\S-1-5-21-298830404-823310887-2522145648-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493312620&z=4427c6d29864b1e2377e727g0z9t6c4ccgao9qfo8g&from=che0812&uid=HitachiXHTS543216L9A300_081201FB2200LCJ8WWPAX
        BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
        BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-20] (AVAST Software)
        Toolbar: HKU\S-1-5-21-298830404-823310887-2522145648-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
        Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
        FireFox:
        ========
        FF DefaultProfile: 7e3gycsh.default
        FF DefaultProfile: u5oest0k.default
        FF ProfilePath: C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\7e3gycsh.default [2017-06-18]
        FF Extension: (Adblock Plus) - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\7e3gycsh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-17]
        FF ProfilePath: C:\Users\DELL\AppData\Roaming\Firefox\Firefox\Profiles\u5oest0k.default [2017-06-17]
        FF Extension: (HSearch) - C:\Users\DELL\AppData\Roaming\Firefox\Firefox\Profiles\u5oest0k.default\Extensions\@E97YHOMI-FU8L-IM23-VUT9-RVDZT7M8XL8H.xpi [2017-04-27] [not signed]
        FF Extension: (FF Adr) - C:\Users\DELL\AppData\Roaming\Firefox\Firefox\Profiles\u5oest0k.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-04-27] [not signed]
        FF Extension: (Adblock Plus) - C:\Users\DELL\AppData\Roaming\Firefox\Firefox\Profiles\u5oest0k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-17]
        FF SearchPlugin: C:\Users\DELL\AppData\Roaming\Firefox\Firefox\Profiles\u5oest0k.default\searchplugins\startsearch.xml [2017-04-27]
        FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
        FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-06-17]
        FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
        FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-06-17]
        FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
        FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
        FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
        Chrome:
        =======
        CHR HomePage: Default -> hxxp://www.luckysearch123.com?type=hp&ts=1493975816&from=d6440504&uid=hitachixhts543216l9a300_081201fb2200lcj8wwpax&z=4e82025893aaae38d373dafgbzbt7cct9m1wabag5b
        CHR StartupUrls: Default -> "hxxp://www.luckysearch123.com?type=hp&ts=1493975816&from=d6440504&uid=hitachixhts543216l9a300_081201fb2200lcj8wwpax&z=4e82025893aaae38d373dafgbzbt7cct9m1wabag5b"
        CHR DefaultSearchURL: Default -> hxxp://www.luckysearch123.com/search.php?type=ds&ts=1493975816&from=d6440504&uid=hitachixhts543216l9a300_081201fb2200lcj8wwpax&z=4e82025893aaae38d373dafgbzbt7cct9m1wabag5b&q={searchTerms}
        CHR DefaultSearchKeyword: Default -> luck
        CHR Profile: C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default [2017-06-17]
        CHR Extension: (eSpeedDownload) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\afnjbmobicacmenkaoeflopokijejlma [2017-06-17]
        CHR Extension: (Google Docs) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-17]
        CHR Extension: (Google Drive) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-12]
        CHR Extension: (YouTube) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-21]
        CHR Extension: (mixMusic Start) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddfgmkcedkmbgppkneoedidgnhfmbloc [2017-03-21]
        CHR Extension: (Avast SafePrice) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-27]
        CHR Extension: (NewTabTV(Amazing)) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fphgngcciiakbfffpkloglgiehmjjoba [2017-03-21]
        CHR Extension: (Google Docs Offline) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-21]
        CHR Extension: (Avast Online Security) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-03]
        CHR Extension: (Avira SafeSearch Plus) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-03-21]
        CHR Extension: (eSpeedMovie Start) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgagbeneaceihminfpihcabljldjkhdj [2017-03-21]
        CHR Extension: (myDownloads Start) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhbldaemaomaphfmgcifnkbkahnajdk [2017-03-21]
        CHR Extension: (Chrome Web Store Payments) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-20]
        CHR Extension: (Search engine by Yahoo) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\oljlibhjmjefbkgnepcmigbgjdjjfobe [2017-03-21]
        CHR Extension: (Gmail) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-21]
        CHR Extension: (Chrome Media Router) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-21]
        CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2017-03-20]
        CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2017-03-20]
        CHR HKU\S-1-5-21-298830404-823310887-2522145648-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2017-03-20] (AVAST Software)
        R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1023728 2015-03-31] (Disc Soft Ltd)
        R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
        S2 BIT; C:\ProgramData\BIT\BIT.dll [X] <==== ATTENTION
        S2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [X]
        S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
        S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
        S3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
        S2 Kitty; C:\Users\DELL\AppData\Local\Kitty\Kitty.dll [X] <==== ATTENTION
        S2 snare; C:\Users\DELL\AppData\Local\snare\Snare.dll [X] <==== ATTENTION
        S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
        S2 VNASRE; C:\Users\DELL\AppData\Local\VNASRE\Snare.dll [X] <==== ATTENTION
        S2 WindowsOfficeSrv; C:\ProgramData\Microsoft\OneDrive\Uploader.dll [X] <==== ATTENTION
        S2 WinSAPSvc; C:\Users\DELL\AppData\Roaming\WinSAPSvc\WinSAP.dll [X] <==== ATTENTION
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2017-03-20] (AVAST Software)
        R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2017-03-20] (AVAST Software)
        R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2017-03-20] (AVAST Software)
        R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2017-03-20] (AVAST Software)
        R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2017-03-20] (AVAST Software)
        R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [435464 2017-03-20] (AVAST Software)
        R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [117200 2017-03-20] (AVAST Software)
        R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2017-03-20] (AVAST Software)
        R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25104 2017-03-20] (Disc Soft Ltd)
        S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
        R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [69664 2009-09-09] (O2Micro)
        S3 mausb; C:\Windows\System32\DRIVERS\mausb.sys [35008 2010-07-28] (hxxp://libusb-win32.sourceforge.net)
        U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2017-06-17] ()
        S3 DKPS; \??\C:\Users\DELL\AppData\Local\Temp\dv1C45B.tmp\RR\DKP32.sys [X]
        S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-06-17 02:53 - 2017-06-17 02:53 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
        2017-06-17 02:51 - 2017-06-17 02:51 - 00000000 __RSH C:\MSDOS.SYS
        2017-06-17 02:51 - 2017-06-17 02:51 - 00000000 __RSH C:\IO.SYS
        2017-06-17 02:50 - 2017-06-17 02:50 - 00039832 _____ () C:\Windows\system32\Drivers\staport.sys
        2017-06-17 02:47 - 2017-06-17 02:47 - 00109280 _____ C:\Users\DELL\AppData\Local\GDIPFONTCACHEV1.DAT
        2017-06-17 02:38 - 2017-03-20 19:32 - 00322760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
        2017-06-17 01:57 - 2017-06-17 01:58 - 31001390 _____ C:\Users\DELL\Downloads\tweaking.com_windows_repair_aio.zip
        2017-06-17 01:08 - 2017-06-17 23:50 - 00000000 ____D C:\Users\DELL\AppData\Local\Deployment
        2017-06-17 01:08 - 2017-06-17 23:33 - 00000000 ____D C:\Users\DELL\AppData\Local\Apps\2.0
        2017-06-16 23:59 - 2017-06-17 23:51 - 00000000 ____D C:\ProgramData\TEMP
        2017-06-16 23:59 - 2017-06-16 23:59 - 00000000 ____D C:\Users\DELL\AppData\Roaming\URSoft
        2017-06-12 17:46 - 2017-06-12 18:08 - 00000000 ____D C:\ProgramData\Malwarebytes
        2017-06-08 19:12 - 2017-06-08 19:12 - 00031177 _____ C:\Users\DELL\Downloads\Pirates.of.the.Caribbean.Dead.Men.Tell.No.Tales.2017.PROPER.HD_TS.x264_CPG.(subs.sab.bz).rar
        2017-06-08 19:09 - 2017-06-08 19:09 - 00127221 _____ C:\Users\DELL\Downloads\pirates_of_the_caribbean_-_dead_men_tell_no_tales(subsunacs.net).rar
        2017-05-29 19:36 - 2017-05-29 19:36 - 00028023 _____ C:\Users\DELL\Downloads\xXx.Return.of.Xander.Cage.2017.BRRip.XviD.AC3_EVO.(subs.sab.bz) (1).rar
        2017-05-22 16:03 - 2017-05-22 16:03 - 00045506 _____ C:\Users\DELL\Downloads\repo.bg.plugins (3).zip
        2017-05-22 10:29 - 2017-05-23 20:52 - 00000000 ____D C:\Users\DELL\AppData\Local\CSHMDR
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-06-18 00:02 - 2017-04-27 20:09 - 00000000 ____D C:\Users\DELL\AppData\LocalLow\Mozilla
        2017-06-18 00:01 - 2017-03-20 19:08 - 00000197 _____ C:\Users\DELL\AppData\Roaming\burnaware.ini
        2017-06-17 23:54 - 2009-07-14 07:34 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2017-06-17 23:54 - 2009-07-14 07:34 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2017-06-17 23:52 - 2017-04-27 20:09 - 00001077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
        2017-06-17 23:52 - 2017-04-27 20:09 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Mozilla
        2017-06-17 23:45 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
        2017-06-17 22:55 - 2017-04-26 10:36 - 00000000 ____D C:\Windows\psgo
        2017-06-17 22:55 - 2017-04-15 21:03 - 00000000 ____D C:\ProgramData\DatacardService
        2017-06-17 22:54 - 2017-05-09 14:23 - 00000000 ____D C:\Users\DELL\AppData\Local\background_fault
        2017-06-17 22:53 - 2017-04-27 20:08 - 00000000 ____D C:\Program Files\Firefox
        2017-06-17 22:53 - 2017-04-20 12:33 - 00000000 ____D C:\Users\DELL\AppData\Local\SNARE
        2017-06-17 16:28 - 2017-03-21 21:00 - 00000000 ____D C:\Users\DELL\AppData\Roaming\BitTorrent
        2017-06-17 16:28 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\inf
        2017-06-17 16:26 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\IME
        2017-06-17 06:57 - 2017-05-09 14:23 - 00000000 ____D C:\ProgramData\BIT
        2017-06-17 06:57 - 2017-05-09 14:22 - 00000000 ____D C:\Users\DELL\AppData\Local\VNASRE
        2017-06-17 06:57 - 2017-04-20 12:33 - 00000000 ____D C:\Users\DELL\AppData\Local\Kitty
        2017-06-17 06:57 - 2017-04-07 14:20 - 00000000 ____D C:\Users\DELL\AppData\Roaming\WinSAPSvc
        2017-06-17 06:57 - 2017-04-07 14:20 - 00000000 ____D C:\Program Files\MIO
        2017-06-17 04:09 - 2017-03-20 19:14 - 00000000 ____D C:\Users\DELL\AppData\Local\Google
        2017-06-17 04:06 - 2017-03-20 18:27 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-06-17 03:58 - 2009-07-14 07:33 - 00411648 _____ C:\Windows\system32\FNTCACHE.DAT
        2017-06-17 03:55 - 2017-04-03 11:05 - 00000000 ____D C:\Windows\system32\appraiser
        2017-06-17 03:55 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\migwiz
        2017-06-17 03:53 - 2017-05-11 15:43 - 00044822 _____ C:\Windows\system32\1
        2017-06-17 03:51 - 2017-03-20 19:35 - 130903960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
        2017-06-17 02:39 - 2017-03-20 19:34 - 00001963 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
        2017-06-17 02:36 - 2017-03-20 18:21 - 00000000 ____D C:\Users\DELL
        2017-06-17 02:32 - 2017-03-20 19:07 - 00000000 ____D C:\Users\DELL\AppData\Roaming\vlc
        2017-06-17 02:32 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\PolicyDefinitions
        2017-06-17 02:32 - 2009-07-14 05:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
        2017-06-17 02:31 - 2009-07-14 10:49 - 00000000 ___RD C:\Users\Public\Recorded TV
        2017-06-17 02:30 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\registration
        2017-06-17 02:29 - 2017-03-21 20:44 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Kodi
        2017-06-17 00:06 - 2017-03-21 04:12 - 00000000 ____D C:\Windows\Panther
        2017-06-12 17:45 - 2017-04-21 13:00 - 00000000 _____ C:\Users\Public\Documents\report.dat
        2017-06-12 17:34 - 2017-04-21 13:00 - 00000506 _____ C:\Users\Public\Documents\temp.dat
        2017-06-06 13:56 - 2017-03-22 11:44 - 00000000 ____D C:\Users\DELL\Desktop\SC8100_16051601_Test_Patch_2
        2017-05-28 18:49 - 2017-05-11 14:55 - 00000000 ____D C:\Reerdition
        2017-05-25 17:49 - 2009-07-14 07:53 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
        2017-05-25 17:49 - 2009-07-14 07:53 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU(132).TXT
        2017-05-23 12:24 - 2017-05-15 14:03 - 00000000 ____D C:\Users\DELL\AppData\Local\CWASRE
        2017-05-22 11:15 - 2017-03-20 18:22 - 00001733 _____ C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
        2017-05-19 15:14 - 2017-05-11 14:46 - 00000000 ____D C:\Users\DELL\AppData\Local\NPASRE
        ==================== Files in the root of some directories =======
        2017-03-20 19:08 - 2017-06-18 00:01 - 0000197 _____ () C:\Users\DELL\AppData\Roaming\burnaware.ini
        Some files in TEMP:
        ====================
        2017-06-17 15:36 - 2017-05-12 21:04 - 1310528 _____ (Microsoft Corporation) C:\Users\DELL\AppData\Local\Temp\dllnt_dump.dll
        2017-06-17 17:18 - 2017-06-17 15:22 - 10279264 _____ (SurfRight B.V.) C:\Users\DELL\AppData\Local\Temp\HitmanPro.exe
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-05-04 10:12
        ==================== End of FRST.txt ============================
        Addition.txt
      • by Димитра Христова
        Hello,
        I think I was infected with a virus that was on a USB flash drive. A few days ago a colleague gave me the flash drive in question so I could print some documents for her, and I noticed that the documents themselves were displayed as shortcuts, but I managed to print them for her. After a restart, however, a strange message started appearing saying that some video file could not be found (I don't have a screenshot to show at the moment). I decided to look at the processes that start together with the OS to see what was being launched, and I noticed this file:  . I don't have a Windows OS disk.
         
        FRST.txt
        Addition.txt
      • by martiron
        Hello,
         
        Now that my first system has been fixed, thanks to @B-boy/StyLe/, the problem is now on the second computer. The problem here is the same, with a few improvements. Last night I tried to fix it myself so as not to bother people with my issues, namely by uninstalling Chrome and installing it again, but it didn't work out. The uninstall was successful, but the reinstall failed, and I have no idea why. I run the installer, but nothing happens, as if something is blocking it. I'm attaching the log file from Farbar Recovery Scan Tool.
        Thanks again in advance to whoever takes this on.
        Addition.txt
        FRST.txt
      • by Kremi73
        Hello, I suspect that my computer is infected. When I open a site of my choosing (for example Facebook), additional windows with other sites open, and the speed has also dropped drastically. Please help!
         
        Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2017
        Ran by User (07-06-2017 18:23:22)
        Running from C:\Users\User\Downloads
        Windows 10 Pro Version 1511 (X64) (2016-02-11 02:27:59)
        Boot Mode: Normal
        ==========================================================

        ==================== Accounts: =============================
        Administrator (S-1-5-21-2749757513-2474199141-1410865342-500 - Administrator - Disabled)
        DefaultAccount (S-1-5-21-2749757513-2474199141-1410865342-503 - Limited - Disabled)
        Guest (S-1-5-21-2749757513-2474199141-1410865342-501 - Limited - Disabled)
        HomeGroupUser$ (S-1-5-21-2749757513-2474199141-1410865342-1003 - Limited - Enabled)
        User (S-1-5-21-2749757513-2474199141-1410865342-1001 - Administrator - Enabled) => C:\Users\User
        ==================== Security Center ========================
        (If an entry is included in the fixlist, it will be removed.)
        AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        ==================== Installed Programs ======================
        (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
        µTorrent (HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
        ABBYY FineReader 11 (HKLM-x32\...\{F11000FE-0010-0000-0000-074957833700}) (Version: 11.11.194 - ABBYY Production LLC)
        Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
        Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
        Advanced PDF Password Recovery (HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\Advanced PDF Password Recovery) (Version: 5.0 - ElcomSoft Co. Ltd.)
        Akamai NetSession Interface (HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
        AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.)
        Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization BR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization CHS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization CHT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization CS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization DA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization DE (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization EL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization ES (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization FI (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization FR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization HU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization IT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization JA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization KO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization NL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization NO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization PL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization RU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization SV (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization TH (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization TR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
        Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
        CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
        Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
        Connection Manager (HKLM-x32\...\Connection Manager_is1) (Version:  - TCT Mobile Limited)
        D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
        DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
        Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
        Dropbox (HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\Dropbox) (Version: 26.4.24 - Dropbox, Inc.)
        Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
        Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
        Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
        Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
        Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
        HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.9.6 - Hi-Rez Studios)
        Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
        Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
        Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
        Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
        Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
        Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
        Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
        Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
        Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
        K-Lite Codec Pack 10.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
        LG United Mobile Drivers (HKLM-x32\...\{F193D8D7-3D5E-4DB5-A74C-F8CD5378EE7B}) (Version: 3.12.3.0 - LG Electronics)
        Malwarebytes Anti-Malware, версия 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
        Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
        Microsoft OneDrive (HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
        Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
        Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
        Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
        Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
        Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
        Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
        Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
        Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
        Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
        Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
        Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
        Minecraft1.7.10 (HKLM-x32\...\Minecraft1.7.10) (Version:  - )
        Momento Express (HKLM-x32\...\{07518129-C44E-40D7-8D06-5C0507481A9F}) (Version:  - )
        Mortimer Beckett and the Time Paradox 1.00 (HKLM-x32\...\Mortimer Beckett and the Time Paradox 1.00) (Version:  - )
        Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
        Mozilla Firefox 47.0.2 (x86 bg) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 bg)) (Version: 47.0.2 - Mozilla)
        Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
        Mystery Trackers 2 - Raincliff (Collector's Edition) 1.00 (HKLM-x32\...\Mystery Trackers 2 - Raincliff (Collector's Edition) 1.00) (Version:  - )
        Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
        Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
        Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
        Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.46.1707.0 - Hi-Rez Studios)
        Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
        SA Dictionary® 2012 Beta1 (HKLM-x32\...\SA Dictionary® 2012 Beta1) (Version:  - )
        Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
        Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
        Spotify (HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
        Subway Surfers 1.0 (HKLM-x32\...\Subway Surfers 1.0) (Version: 1.0 - Cat-A-Cat)
        Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
        The SIMS 4 v. 1.20.60.1020 (HKLM-x32\...\The SIMS 4_is1) (Version:  - )
        The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.20.60.1020 - Electronic Arts Inc.)
        Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.30 - Tweaking.com)
        Unity Web Player (HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
        Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
        Update for Skype for Business 2015 (KB3161988) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E1C47F57-5CCA-4077-96A6-7BFD2A026ECD}) (Version:  - Microsoft)
        Update for Skype for Business 2015 (KB3161988) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E1C47F57-5CCA-4077-96A6-7BFD2A026ECD}) (Version:  - Microsoft)
        Update for Skype for Business 2015 (KB3161988) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E1C47F57-5CCA-4077-96A6-7BFD2A026ECD}) (Version:  - Microsoft)
        VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
        Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
        WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
        WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
        WebTrance2 (деинсталиране) (HKLM-x32\...\WebTrance2) (Version:  - )
        Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
        WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
        Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
        Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
        Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
        WinRAR 4.20 (64-битова версия) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
        Wondershare Filmora(Build 7.8.0) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
        Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
        Български пакет за Mystery Trackers - The Void (Collector's Edition) 1.00 (HKLM-x32\...\Български пакет за Mystery Trackers - The Void (Collector's Edition) 1.00) (Version:  - )
        Фотогалерия (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
        ==================== Custom CLSID (Whitelisted): ==========================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        CustomCLSID: HKU\S-1-5-21-2749757513-2474199141-1410865342-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
        CustomCLSID: HKU\S-1-5-21-2749757513-2474199141-1410865342-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
        CustomCLSID: HKU\S-1-5-21-2749757513-2474199141-1410865342-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
        CustomCLSID: HKU\S-1-5-21-2749757513-2474199141-1410865342-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
        CustomCLSID: HKU\S-1-5-21-2749757513-2474199141-1410865342-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
        CustomCLSID: HKU\S-1-5-21-2749757513-2474199141-1410865342-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
        CustomCLSID: HKU\S-1-5-21-2749757513-2474199141-1410865342-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
        CustomCLSID: HKU\S-1-5-21-2749757513-2474199141-1410865342-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
        CustomCLSID: HKU\S-1-5-21-2749757513-2474199141-1410865342-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
        CustomCLSID: HKU\S-1-5-21-2749757513-2474199141-1410865342-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
        CustomCLSID: HKU\S-1-5-21-2749757513-2474199141-1410865342-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
        CustomCLSID: HKU\S-1-5-21-2749757513-2474199141-1410865342-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
        CustomCLSID: HKU\S-1-5-21-2749757513-2474199141-1410865342-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
        CustomCLSID: HKU\S-1-5-21-2749757513-2474199141-1410865342-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
        ==================== Scheduled Tasks (Whitelisted) =============
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        Task: {0DA8EC7B-E133-4BD1-BF3A-0F92383C764B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
        Task: {1347C759-2B8A-4B0B-89CA-7E91279691C3} - System32\Tasks\{63F165AF-DD3C-499A-A3A1-300702131ED8} => Chrome.exe hxxp://ui.skype.com/ui/0/7.5.73.102.456/bg/abandoninstall?page=tsProgressBar
        Task: {1D774E86-C367-470D-B2CE-B9ED2A35F516} - System32\Tasks\{F07288F4-1BDE-4C49-ABBC-8E64D514E59C} => pcalua.exe -a G:\Autorun.exe -d G:\
        Task: {1ECEECBA-D805-42BF-85DA-F3772F0A6037} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
        Task: {2BFCB21D-7069-4317-BA78-A80E66C11FD9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
        Task: {35ABDC46-D02C-4476-8883-101A7A6269A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
        Task: {46BF56C4-CABB-47E6-99C3-3C2BA7C171B3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2749757513-2474199141-1410865342-1001Core => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
        Task: {523A9747-FC2D-45D7-BECB-DBD572682CCD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
        Task: {5B4B475B-F2BA-4AA8-9160-E6B7A99C978F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
        Task: {5C4A9A98-C3A8-4BC8-AEFD-9CE23B672DCA} - System32\Tasks\{809A2729-3D0A-4775-B8E2-6AA09846CC26} => Chrome.exe hxxp://ui.skype.com/ui/0/7.5.73.102.456/bg/abandoninstall?page=tsProgressBar
        Task: {665FA48E-F3D7-4C7D-A21E-F35B3C54F204} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
        Task: {7381CA19-7505-411E-B7A8-CA29A062556F} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe 
        Task: {8292E96A-D6F1-463F-B13A-DF8C7300C375} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
        Task: {9C84CCB0-ADD2-4C61-AD02-CBFE9AB1504F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
        Task: {9F6E8253-B102-4CBE-ACA2-CD8921EFFF1F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
        Task: {A0569B34-4568-46C7-A60C-60ADD31DC703} - System32\Tasks\Opera scheduled Autoupdate 1416126846 => C:\Program Files (x86)\Opera\launcher.exe 
        Task: {A3F4482B-2991-4592-94BC-11D5CED7B62E} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
        Task: {AF5C2FEC-FFE5-4B7D-A151-FC5BCE888ACF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2749757513-2474199141-1410865342-1001UA => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
        Task: {BDEFE56C-070E-4047-9FBC-D933BECD40FF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
        Task: {C110E96C-5816-44DB-8C42-8E57ABC93D75} - System32\Tasks\{EFABECDE-CD20-469D-8BB1-05DE6D3E8F67} => Chrome.exe hxxps://ui.skype.com/ui/0/7.33.0.104/bg/abandoninstall?page=tsInstall
        Task: {CB780BD9-A199-443C-8032-B5C5FE840346} - System32\Tasks\{B554382F-9E70-41AC-A29A-53EFCFBBD717} => pcalua.exe -a "C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=0
        Task: {CCD12B7C-276D-477F-94B4-8597725A18AE} - System32\Tasks\{EC34CB12-979C-4B1A-B0CD-61950B4D1759} => Chrome.exe hxxp://ui.skype.com/ui/0/7.1.73.105.456/bg/abandoninstall?page=tsProgressBar
        Task: {D0972340-04F7-4867-85FF-159EC99B2682} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
        Task: {D7D358BA-6DCF-421E-8297-7E66EAAD2B01} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
        Task: {DB46C33B-0CA4-447B-9D41-683254D7A63B} - System32\Tasks\{8DBF7D03-94BD-4D81-8AB9-F8CC5306A194} => Chrome.exe hxxp://ui.skype.com/ui/0/7.3.73.101.456/bg/abandoninstall?page=tsProgressBar
        Task: {DB793F79-5AE5-417C-B23E-05649ACDB7CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
        Task: {E0C33A43-D34D-4DFA-9068-7F748ED84F3B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe 
        Task: {E11518C8-0495-4580-9A19-4077BE1E14D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-02] (Google Inc.)
        Task: {E35F39F3-67A7-4E1A-97B8-41E21892A490} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
        Task: {F0842172-37B7-4801-A4CF-B5DA7E88E542} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-02] (Google Inc.)
        Task: {F9383BC8-73A9-4DC7-90EC-C4A89E65E4ED} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
        Task: {FDD335EA-3BFF-42A1-B1F5-734E55BC07B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
        (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
        Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2749757513-2474199141-1410865342-1001Core.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe
        Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2749757513-2474199141-1410865342-1001UA.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe
        ==================== Shortcuts =============================
        (The entries could be listed to be restored or removed.)
        Shortcut: C:\Users\User\Desktop\DarkHeritage_GuardiansOfHopeCE - Пряк път.lnk -> D:\игри\Dark Heritage Guardians of Hope CE\Dark Heritage Guardians of Hope CE\DarkHeritage_GuardiansOfHopeCE.exe () <===== Cyrillic
        Shortcut: C:\Users\User\Desktop\MailBooks - Пряк път.lnk -> D:\MailBooks\MailBooks.exe (PanJoro) <===== Cyrillic
        Shortcut: C:\Users\User\Desktop\Photoshop - Пряк път.lnk -> C:\Program Files (x86)\Photoshop\Photoshop.exe (Adobe Systems, Incorporated) <===== Cyrillic
        Shortcut: C:\Users\User\Desktop\Смена языкаThe SIMS 4.lnk -> C:\Games\The SIMS 4\EASetup.exe () <===== Cyrillic
        Shortcut: C:\Users\User\Desktop\Този компютър - Пряк път.lnk -> [LFPO :i+00Tz1SPS0%G`-">78 :><?NBJ@1!8AB5<=0 ?0?:01SPSjc(=Oe)::{20D04FE0-3AEA-1069-A2D8-08002B30309D}M1SPSOh+'1>OB :><?NBJ@] <===== Cyrillic
        Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Опционални функции.lnk -> C:\WINDOWS\System32\fodhelper.exe (Microsoft Corporation) <===== Cyrillic
        Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Помощен файл на WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <===== Cyrillic
        Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ръководство за конзолната версия на RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () <===== Cyrillic
        Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\Прехвърляне на файлове с Bluetooth.LNK -> C:\WINDOWS\System32\fsquirt.exe (Microsoft Corporation) <===== Cyrillic
        Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Photoshop - Пряк път.lnk -> C:\Program Files (x86)\Photoshop\Photoshop.exe (Adobe Systems, Incorporated) <===== Cyrillic
        ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\Получател на факса.lnk -> C:\WINDOWS\System32\WFS.exe (Microsoft Corporation) -> /SendTo <===== Cyrillic
        ==================== Loaded Modules (Whitelisted) ==============
        2015-10-30 10:18 - 2015-10-30 10:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
        2016-11-09 10:03 - 2016-10-25 12:42 - 02656952 _____ () c:\windows\system32\CoreUIComponents.dll
        2016-08-02 21:24 - 2012-12-04 16:50 - 00051576 _____ () C:\Program Files (x86)\T-Mobile\ConnectionManager\BackgroundService\ServiceManager.exe
        2016-12-24 21:15 - 2014-08-19 22:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
        2016-02-11 12:07 - 2015-12-07 07:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
        2016-07-13 08:30 - 2016-07-01 06:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
        2016-11-09 10:04 - 2016-10-25 07:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
        2016-11-09 10:04 - 2016-10-25 07:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
        2016-11-09 10:04 - 2016-10-25 07:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
        2016-11-09 10:04 - 2016-10-25 07:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
        2016-11-21 18:19 - 2016-11-21 18:19 - 00155016 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
        2017-05-12 07:42 - 2017-05-09 12:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
        2017-05-12 07:42 - 2017-05-09 12:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
        2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
        2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
        2017-03-30 10:15 - 2017-03-30 10:15 - 01359456 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\KasperskyLab.Ksde.NativeInterop.dll
        ==================== Alternate Data Streams (Whitelisted) =========
        (If an entry is included in the fixlist, only the ADS will be removed.)
        AlternateDataStreams: C:\ProgramData\TEMP:ECF3C50F [164]
        ==================== Safe Mode (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
        ==================== Association (Whitelisted) ===============
        (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

        ==================== Internet Explorer trusted/restricted ===============
        (If an entry is included in the fixlist, it will be removed from the registry.)
        There are 1541 more sites.

        ==================== Hosts content: ===============================
        (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
        2017-05-15 20:55 - 2017-05-15 20:55 - 00000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts
        127.0.0.1       localhost
        ==================== Other Areas ============================
        (Currently there is no automatic fix for this section.)
        HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\Control Panel\Desktop\\Wallpaper -> D:\Креми\landscape-hd-wallpapers-21.jpg
        DNS Servers: 192.168.1.1
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
        Windows Firewall is enabled.
        ==================== MSCONFIG/TASK MANAGER disabled items ==
        HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
        HKLM\...\StartupApproved\Run: => "EnergyUtility"
        HKLM\...\StartupApproved\Run: => "Energy Management"
        HKLM\...\StartupApproved\Run: => "StartCN"
        HKLM\...\StartupApproved\Run32: => "Bonus.SSR.FR11"
        HKLM\...\StartupApproved\Run32: => "WinampAgent"
        HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
        HKLM\...\StartupApproved\Run32: => "T-Mobile ModemListener"
        HKLM\...\StartupApproved\Run32: => "SynTPEnh"
        HKLM\...\StartupApproved\Run32: => "SmartAudio"
        HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
        HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
        HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\StartupApproved\Run: => "uTorrent"
        HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\StartupApproved\Run: => "Dropbox Update"
        HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE"
        HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\StartupApproved\Run: => "BingSvc"
        HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\StartupApproved\Run: => "OneDrive"
        HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
        HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\StartupApproved\Run: => "Spotify Web Helper"
        HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\StartupApproved\Run: => "Spotify"
        HKU\S-1-5-21-2749757513-2474199141-1410865342-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
        ==================== FirewallRules (Whitelisted) ===============
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        FirewallRules: [UDP Query User{CA890C88-C156-47B8-8300-09CD19BBCA63}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
        FirewallRules: [TCP Query User{0E388F2A-6F9D-4922-A2B5-7B260789DC27}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
        FirewallRules: [{F1810597-3049-442E-87D2-9EFD93DC675D}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
        FirewallRules: [{99B6C4AB-F696-4450-AECA-FDA52250C34C}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
        FirewallRules: [TCP Query User{BC32033E-993C-4157-AE7C-EFBD9FD3DAF8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
        FirewallRules: [UDP Query User{DFD208A9-C994-4CF4-B4BB-8DF1739E7315}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
        FirewallRules: [TCP Query User{DB592B2F-7A77-4F64-83D5-EBC96A8E4413}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
        FirewallRules: [UDP Query User{74098215-0EB1-4B6F-ADA7-AFACE8FE73B1}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
        FirewallRules: [{BAAC4499-F8E8-41C1-9294-2C25EAB049C1}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
        FirewallRules: [{C4AAD701-F340-4E66-A57E-2380074BEA3C}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
        FirewallRules: [TCP Query User{CC774BD1-99B7-4674-9737-2DDA3E42B3E6}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
        FirewallRules: [UDP Query User{6A634FF9-C187-42C7-8E4D-DB6AD80B155A}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
        FirewallRules: [{F26D125A-CF58-41D6-AF7D-75C6BA3427DB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        FirewallRules: [{06585A2D-BCB5-4107-93AB-AB5E0330C931}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        FirewallRules: [{0CDDE227-EE74-49AB-A26D-7D61614E674E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
        FirewallRules: [{CC04C6CD-F226-4072-9A5A-D8E8CD79B406}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
        FirewallRules: [TCP Query User{901E1517-C434-4AD9-A4EC-BCB4F4629FB4}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
        FirewallRules: [UDP Query User{5E1E6360-C42E-429A-B973-6E747A8A427D}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
        FirewallRules: [TCP Query User{C838B2AA-EB24-493B-8382-C16F1EC65FFC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
        FirewallRules: [UDP Query User{D49DC46F-5696-4595-A26D-1C8B553AC82B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
        FirewallRules: [TCP Query User{760EC08F-7FA5-46F7-AD64-22926E276578}C:\users\user\desktop\utorrent.exe] => (Block) C:\users\user\desktop\utorrent.exe
        FirewallRules: [UDP Query User{BBFFD870-0509-49C9-B43E-319F5CBEE1E6}C:\users\user\desktop\utorrent.exe] => (Block) C:\users\user\desktop\utorrent.exe
        FirewallRules: [{4538E273-A01A-4B38-B3B8-52CB3D25C462}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
        FirewallRules: [{9050E3C1-F5F0-4B4D-BA26-A2C02B05D2BE}] => (Allow) LPort=2869
        FirewallRules: [{7FD883D3-B21C-4BC3-8E6B-B46175DC533C}] => (Allow) LPort=1900
        FirewallRules: [TCP Query User{4A2B6E1C-7266-4A8F-8DAA-D4CAE938288B}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
        FirewallRules: [UDP Query User{33F28947-47A3-4703-AF3D-CC7EB2DC2B97}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
        FirewallRules: [TCP Query User{A19587E4-CE30-4E26-81F2-018209D4EB82}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
        FirewallRules: [UDP Query User{815A3F06-1D39-4F0D-B691-E351F0C12A25}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
        FirewallRules: [TCP Query User{5D57E589-AE67-4EFA-86AD-38F1DC1DDD98}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
        FirewallRules: [UDP Query User{FE8DE178-795C-4326-87F3-608796ABBDA5}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
        FirewallRules: [TCP Query User{8D3E4938-8387-49D1-A235-3F00F3BF16E1}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Block) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
        FirewallRules: [UDP Query User{89C503D4-2531-4294-B25C-2DE3CB8D6F0B}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Block) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
        FirewallRules: [{3E19FDE5-522B-46ED-B4C6-D443956924AA}] => (Allow) C:\Games\The SIMS 4\Game\Bin\TS4.exe
        FirewallRules: [{ADDC5961-C586-4A80-A340-C67944CC93A8}] => (Allow) C:\Games\The SIMS 4\Game\Bin\TS4.exe
        FirewallRules: [{DB58893C-A041-4495-968A-839A1C7EED00}] => (Allow) C:\Games\The SIMS 4\Game\Bin\TS4_x64.exe
        FirewallRules: [{BFC3AC07-BB8E-4F4B-B130-5D27F3CE06AC}] => (Allow) C:\Games\The SIMS 4\Game\Bin\TS4_x64.exe
        FirewallRules: [{B7CD0E03-9395-4630-A7C9-510D476059C9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        ==================== Restore Points =========================
        30-05-2017 11:18:52 Scheduled Checkpoint
        06-06-2017 16:28:56 Tweaking.com - Windows Repair
        ==================== Faulty Device Manager Devices =============

        ==================== Event log errors: =========================
        Application errors:
        ==================
        Error: (06/07/2017 03:03:21 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
        Description: Event-ID 0
        Error: (06/07/2017 02:51:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
        Description: Услугата "Криптографски услуги" не можа да инициализира базата  данни с каталози. ESENT грешката е: -1216.
        Error: (06/07/2017 02:51:44 PM) (Source: ESENT) (EventID: 454) (User: )
        Description: Catalog Database (1684) Catalog Database: Database recovery/restore failed with unexpected error -1216.
        Error: (06/07/2017 02:51:44 PM) (Source: ESENT) (EventID: 494) (User: )
        Description: Catalog Database (1684) Catalog Database: Database recovery failed with error -1216 because it encountered references to a database, 'C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
        Error: (06/07/2017 02:51:37 PM) (Source: ESENT) (EventID: 455) (User: )
        Description: svchost (1432) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU0011E.log.
        Error: (06/06/2017 04:51:52 PM) (Source: Application Error) (EventID: 1000) (User: )
        Description: Име на приложение с грешки: ShellExperienceHost.exe, версия: 10.0.10586.494, времево клеймо: 0x5775e94c
        Име на модул с грешки: Windows.UI.Xaml.dll, версия: 10.0.10586.672, времево клеймо: 0x580eeb60
        Код на изключение: 0xc000027b
        Отместване на грешка: 0x00000000006fd1db
        ИД на процес на грешка: 0x2980
        Начален час на приложението с грешки: 0x01d2decc0aab768a
        Път на приложението с грешки: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
        Път на модула с грешки: C:\Windows\System32\Windows.UI.Xaml.dll
        ИД на доклад: 32dab2cb-fc2f-4789-9e6b-9bab7a401f04
        Пълно име на пакета с грешка: Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy
        ИД на свързаното с пакета с грешка приложение: App
        Error: (06/06/2017 04:50:54 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
        Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 6632.  Message ID: [0x2509].
        Error: (06/06/2017 04:49:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
        Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupModificationEvent" whose target class "WSP_ReplicationGroupModificationEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
        Error: (06/06/2017 04:49:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
        Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupDepartureEvent" whose target class "WSP_ReplicationGroupDepartureEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
        Error: (06/06/2017 04:49:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
        Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupArrivalEvent" whose target class "WSP_ReplicationGroupArrivalEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

        System errors:
        =============
        Error: (06/07/2017 05:31:24 PM) (Source: DCOM) (EventID: 10016) (User: PC)
        Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
        {C2F03A33-21F5-47FA-B4BB-156362A2F239}
         and APPID 
        {316CDED5-E4AE-4B15-9113-7055D84DCC97}
         to the user PC\User SID (S-1-5-21-2749757513-2474199141-1410865342-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
        Error: (06/07/2017 05:31:24 PM) (Source: DCOM) (EventID: 10016) (User: PC)
        Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
        {C2F03A33-21F5-47FA-B4BB-156362A2F239}
         and APPID 
        {316CDED5-E4AE-4B15-9113-7055D84DCC97}
         to the user PC\User SID (S-1-5-21-2749757513-2474199141-1410865342-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
        Error: (06/07/2017 05:31:24 PM) (Source: DCOM) (EventID: 10016) (User: PC)
        Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
        {C2F03A33-21F5-47FA-B4BB-156362A2F239}
         and APPID 
        {316CDED5-E4AE-4B15-9113-7055D84DCC97}
         to the user PC\User SID (S-1-5-21-2749757513-2474199141-1410865342-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
        Error: (06/07/2017 05:31:24 PM) (Source: DCOM) (EventID: 10016) (User: PC)
        Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
        {C2F03A33-21F5-47FA-B4BB-156362A2F239}
         and APPID 
        {316CDED5-E4AE-4B15-9113-7055D84DCC97}
         to the user PC\User SID (S-1-5-21-2749757513-2474199141-1410865342-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
        Error: (06/07/2017 05:26:30 PM) (Source: DCOM) (EventID: 10016) (User: PC)
        Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
        {C2F03A33-21F5-47FA-B4BB-156362A2F239}
         and APPID 
        {316CDED5-E4AE-4B15-9113-7055D84DCC97}
         to the user PC\User SID (S-1-5-21-2749757513-2474199141-1410865342-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
        Error: (06/07/2017 02:55:41 PM) (Source: DCOM) (EventID: 10016) (User: PC)
        Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
        {C2F03A33-21F5-47FA-B4BB-156362A2F239}
         and APPID 
        {316CDED5-E4AE-4B15-9113-7055D84DCC97}
         to the user PC\User SID (S-1-5-21-2749757513-2474199141-1410865342-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
        Error: (06/07/2017 02:55:41 PM) (Source: DCOM) (EventID: 10016) (User: PC)
        Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
        {C2F03A33-21F5-47FA-B4BB-156362A2F239}
         and APPID 
        {316CDED5-E4AE-4B15-9113-7055D84DCC97}
         to the user PC\User SID (S-1-5-21-2749757513-2474199141-1410865342-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
        Error: (06/07/2017 02:55:41 PM) (Source: DCOM) (EventID: 10016) (User: PC)
        Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
        {C2F03A33-21F5-47FA-B4BB-156362A2F239}
         and APPID 
        {316CDED5-E4AE-4B15-9113-7055D84DCC97}
         to the user PC\User SID (S-1-5-21-2749757513-2474199141-1410865342-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
        Error: (06/07/2017 02:53:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
        Description: Услуга Windows Presentation Foundation Font Cache 3.0.0.0 не може да бъде стартирана поради следната грешка: 
        The service did not respond to the start or control request in a timely fashion.
        Error: (06/07/2017 02:53:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
        Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Windows Presentation Foundation Font Cache 3.0.0.0 да се свърже.

        CodeIntegrity:
        ===================================
          Date: 2017-06-06 16:27:57.395
          Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
          Date: 2017-06-03 20:26:25.232
          Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
          Date: 2017-05-30 11:10:14.854
          Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
          Date: 2017-05-21 20:50:52.371
          Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
          Date: 2017-05-16 14:48:22.510
          Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
          Date: 2017-05-16 09:45:14.907
          Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
          Date: 2017-05-16 07:38:04.280
          Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
          Date: 2017-04-27 07:53:45.225
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.
          Date: 2017-04-27 07:53:44.156
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\SysWOW64\efswrt.dll because the set of per-page image hashes could not be found on the system.
          Date: 2017-04-27 07:53:43.908
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.

        ==================== Memory info =========================== 
        Processor: Intel(R) Pentium(R) CPU 2030M @ 2.50GHz
        Percentage of memory in use: 67%
        Total physical RAM: 6041.77 MB
        Available physical RAM: 1981.42 MB
        Total Virtual: 6425.77 MB
        Available Virtual: 2080.21 MB
        ==================== Drives ================================
        Drive c: () (Fixed) (Total:246.96 GB) (Free:109.7 GB) NTFS
        Drive d: (Нов том) (Fixed) (Total:683.59 GB) (Free:576.6 GB) NTFS
        ==================== MBR & Partition Table ==================
        ========================================================
        Disk: 0 (Size: 931.5 GB) (Disk ID: D9FA2484)
        Partition: GPT.
        ==================== End of Addition.txt ============================
         
         
        FRST.txt